7/25/2019 Chap02 Review
http://slidepdf.com/reader/full/chap02-review 1/3
Guide to Firewalls and Network Security
Chapter 2 Solutions
Review Questions
1. IPSec: A set of standards and tools used to authenticate and/or secure communications.
Application-level firewall: Software that functions as a proxy, running applications to access resources outside the network.
In Order: The firewall processes requests by following rules in top to bottom order.
Deny-All: All packets are denied except for a few that have been specifically identified as permissible.
Best Fit: The firewall determines the order in which rules should be processed.
Oakley: An algorithm used by IPSec to generate a security key needed to encrypt data.
IPv6: The latest version of Internet Protocol, developed by the IETF.
2. Which of the following rules should be conveyed to employees? (Choose all that apply)
Answer: C, D
3. Which of the following describes aspects of a policy as opposed to a standard or a guide? (Check all that apply.)
Answer: B, C
4. What is the name for the part of the security policy that spells out how employees dial in to the office network to access files?
Answer: B
5. Explain what it means to "Start with the policy, not the firewall."
Answer: Rather than purchasing and installing one or more firewalls and then developing a policy, an organization should first identify what needs to be protected and develop a policy that addresses that protection in a comprehensive way, and then install a firewall as part of policy.
6. Why would you want to change a security policy?
Answers:
7. What amount of time should you expect to spend on the security policy development process?
Answer: The exact time frame depends on the company, but development typically takes one to two weeks. The approval process, however, can take weeks or months depending on the size and complexity of the organization.
8. It's important for security specialists to remember that rank-and-file employees' primary concern is:
Answer: B. Workers may be concerned about maintaining their privacy and that of the company's customers, but their primary concern is to get access to files, forms, and data they need to complete their projects.
9. Why would you specify the use of IPSec in a security policy?
Answer: If you need to transfer sensitive information that requires an extra level of security.
10. Which of the following provides for authentication?
Answer: D. Answer B, tunnel mode, encapsulates and/or encrypts data but does not provide for authentication.
11. Finish this sentence: IPSec can save you the time and expense of installing...
Answer: A.
12. What does an IPSec policy do?
Answer: A.
13. In what environment would you specify an IPSec policy in Group Policy?
Answer: B. A is too vague; you only need IPSec for communications that require a heightened level of security.
14. You are a security consultant assigned to improve the level of network security at a small university in the Midwest with about 2,500 students. Students need access to e-mail and the Web; they need to be able to download common word processing and other programs. The situation is complicated by faculty and commuting students who dial in to the network from home. Many students also want to create their own personal Web sites. How would you ensure that the far-flung and mobile student population knows that they should avoid publishing content online that is considered offensive, and to keep passwords private, and that they understand the university's security policies? (Choose all that apply.)
Answers: Answers A, B, and C are all good ideas. However, answer D is probably the most effective way to ensure that the security policies are read and understood by students.
15. To the scenario described in Question 14, add this information: Your university has a second campus in a town 50 miles away. Most communications between the campuses do not need to be secure. But some, like grade reports and admissions files, do require an extra level of security. How would you set up a policy that provides for extra-secure communications on an as-needed basis? Be as specific as possible.
Answer: In the security policy, specify that IPSec should be enabled on the computers that exchange grades and other sensitive information between the two campuses. Also specify that IPSec Server policy should be used so that hosts will request IPSec, but it is not necessary for communicating with computers that do not use IPSec.
16. When should a security policy be changed?
Answer: It should change when the organization makes substantial changes in its hardware configuration, or when the firewall is reconfigured in response to security breaches.
17. Which of the following is a reason to audit network communications?
Answer:
18. You are hired by a company that employs a number of freelance transcriptionists who work at home. They need to access the network remotely so they can submit timesheets online and send the company transcriptions of medical tests that need to be confidential. What would you include in the Remote Access portion of the security policy for this company?
Answer: "The Remote Access section should spell out what protocols should be used to dial in to the office (e.g., SLIP or PPP). It should also list applications that should not be used to connect to the network, such as Telnet. Users who have cable modem or DSL connections are required to have firewalls installed. Routers that use ISDN to connect to the network should meet Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) authentication requirements."
19. Explain what a Security User Awareness program is and how it can be implemented.
Answer: A Security User Awareness program is a series of initiatives taken to help employees understand and accept their organization's security strategy. It can be implemented by giving employees a formal briefing and handing out a security handbook. Employees can also be informed about what is expected of them as far as acceptable use of networked resources. Some companies print out their Acceptable Use Policies and require employees to read and sign them. Policies should also be published on the Web or in a database file where they can be reviewed any time.
20. Explain what can happen if a security policy is too strict.
Answer: Staff people who are eager to access the information they need will rebel and find ways to get around the firewall and other aspects of the security policy.